Comeback of the more unpleasant kind: Trojan Emotet returns


Flashback: in 2018 the Federal Office for Information Security (BSI) warned about the Emotet malware, which at the time was being distributed on a large scale via spam emails. The Trojan later went quiet, but after months of absence that pause is over: since last Friday the Emotet botnet has been sending spam again.

Spam emails are once again being sent that either carry an infected attachment or link to a URL from which the malicious document is downloaded. A popular trick is to disguise the infected email so that it appears to be part of an existing correspondence with a trusted contact. Emotet itself serves criminals as a gateway: once it is running, it loads further malware such as TrickBot.

The real damage therefore often only develops later, because Emotet's foothold can then be used, for example, to deliver ransomware. The advice is to look closely at incoming emails and, when in doubt, not to open an attachment or follow a link, even if the message appears to continue an existing conversation.

Malicious documents (SHA-256)

5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
4fdff0ebd50d37a32eb5c3a1b2009cb9764e679d8ee95ca7551815b7e8406206
bb5602ea74258ccad36d28f6a5315d07fbeb442a02d0c91b39ca6ba0a0fe71a2
6d86e68c160b25d25765a4f1a2f8f1f032b2d5cb0d1f39d1d504eeaa69492de0
18fab1420a6a968e88909793b3d87af2e8e1e968bf7279d981276a2aa8aa678e
d5213404d4cc40494af138f8051b01ec3f1856b72de3e24f75aca8c024783e89

Compromised websites (defanged)

elseelektrikci (.) com
rviradeals (.) com
skenglish (.) com
packersmoversmohali (.) com
tri-comma (.) com
ramukakaonline (.) com
shubhinfoways (.) com
test2.cxyw (.) net
sustainableandorganicgarments (.) com
staging.icuskin (.) com
fivestarcleanerstx (.) com
bhandaraexpress (.) com
crm.shaayanpharma (.) com
zazabajouk (.) com
e2e-solution (.) com
topgameus (.) com
cpads (.) net
tyres2c (.) com
thesuperservice (.) com
ssuse (.) com

Emotet binaries (SHA-256)

454d3f0170a0aa750253d4bf697f9fa21b8d93c8ca6625c935b30e4b18835374
d51073eef56acf21e741c827b161c3925d9b45f701a9598ced41893c723ace23
1368a26328c15b6d204aef2b7d493738c83fced23f6b49fd8575944b94bcfbf4
7814f49b3d58b0633ea0a2cb44def98673aad07bd99744ec415534606a9ef314
f04388ca778ec86e83bf41aa6bfa1b163f42e916d0fbab7e50eaadc8b47caa50

C2 servers (defanged)

178.210.171 (.) 15
109.117.53 (.) 230
212.51.142 (.) 238
190.160.53 (.) 126
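The lists above are only useful if something actually checks them. The following script is an added example written for this page, not code from Malwarebytes or the article's author: it takes the indicators exactly as printed above (still defanged with "(.)"), re-fangs them, and matches them against file hashes and against hostnames and IPv4 addresses found in proxy or firewall log lines. The log format and the sample log lines are constructed for the example and are not from any real incident; treating the compromised websites as the hosts serving the malicious documents is an assumption drawn from the delivery chain described in the text.

```python
import hashlib
import re

# SHA-256 hashes copied from the two lists on this page.
MALDOC_SHA256 = set("""
5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
4fdff0ebd50d37a32eb5c3a1b2009cb9764e679d8ee95ca7551815b7e8406206
bb5602ea74258ccad36d28f6a5315d07fbeb442a02d0c91b39ca6ba0a0fe71a2
6d86e68c160b25d25765a4f1a2f8f1f032b2d5cb0d1f39d1d504eeaa69492de0
18fab1420a6a968e88909793b3d87af2e8e1e968bf7279d981276a2aa8aa678e
d5213404d4cc40494af138f8051b01ec3f1856b72de3e24f75aca8c024783e89
""".split())
EMOTET_SHA256 = set("""
454d3f0170a0aa750253d4bf697f9fa21b8d93c8ca6625c935b30e4b18835374
d51073eef56acf21e741c827b161c3925d9b45f701a9598ced41893c723ace23
1368a26328c15b6d204aef2b7d493738c83fced23f6b49fd8575944b94bcfbf4
7814f49b3d58b0633ea0a2cb44def98673aad07bd99744ec415534606a9ef314
f04388ca778ec86e83bf41aa6bfa1b163f42e916d0fbab7e50eaadc8b47caa50
""".split())

# Domains and C2 addresses as printed on the page, still defanged with "(.)".
DEFANGED_DOMAINS = """
elseelektrikci (.) com
rviradeals (.) com
skenglish (.) com
packersmoversmohali (.) com
tri-comma (.) com
ramukakaonline (.) com
shubhinfoways (.) com
test2.cxyw (.) net
sustainableandorganicgarments (.) com
staging.icuskin (.) com
fivestarcleanerstx (.) com
bhandaraexpress (.) com
crm.shaayanpharma (.) com
zazabajouk (.) com
e2e-solution (.) com
topgameus (.) com
cpads (.) net
tyres2c (.) com
thesuperservice (.) com
ssuse (.) com
"""
DEFANGED_C2S = """
178.210.171 (.) 15
109.117.53 (.) 230
212.51.142 (.) 238
190.160.53 (.) 126
"""

def refang(indicator):
    """'elseelektrikci (.) com' -> 'elseelektrikci.com' (lower-cased)."""
    return re.sub(r"\s*\(\.\)\s*", ".", indicator.strip()).lower()

def parse_defanged(block):
    return {refang(line) for line in block.splitlines() if line.strip()}

DOMAINS = parse_defanged(DEFANGED_DOMAINS)
C2_IPS = parse_defanged(DEFANGED_C2S)

def classify_sha256(digest):
    """'maldoc', 'emotet' or None for a hex SHA-256 (case-insensitive)."""
    d = digest.strip().lower()
    return "maldoc" if d in MALDOC_SHA256 else "emotet" if d in EMOTET_SHA256 else None

def classify_bytes(data):
    """Hash file contents (e.g. a mail attachment) and classify them."""
    return classify_sha256(hashlib.sha256(data).hexdigest())

def host_is_listed(host):
    """Exact or subdomain match against the compromised-site list."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DOMAINS)

HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def scan_log(lines):
    """(line_no, kind, indicator) for every URL host or IPv4 in the lists."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if host_is_listed(host):
                hits.append((n, "maldoc-host", host.lower()))
        for ip in IPV4_RE.findall(line):
            if ip in C2_IPS:
                hits.append((n, "c2", ip))
    return hits

# Constructed sample proxy log lines (not real traffic), free-form format.
SAMPLE_LOG = [
    "2019-09-17T09:12:03Z 10.0.0.12 GET http://elseelektrikci.com/wp-content/uploads/Rechnung.doc 200",
    "2019-09-17T09:12:05Z 10.0.0.12 GET https://www.example.com/ 200",
    "2019-09-17T09:13:44Z 10.0.0.12 CONNECT 178.210.171.15:443 ALLOW",
    "2019-09-17T09:14:01Z 10.0.0.13 GET http://staging.icuskin.com/x/ 404",
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

Two caveats when using this for real. The hash sets only catch the exact samples listed here, so a miss on `classify_bytes` says nothing about a freshly repacked attachment; the log matching is the more durable signal. And the listed websites are compromised legitimate sites, so a hit means a user fetched something from a host known to have served the maldoc, which is worth an alert and a look at the downloaded file, not proof of infection on its own.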

Source: Malwarebytes
